Mirai Co-Author Gets House Arrest, $8.6 Million Fine

One of the co-authors of the devastating Mirai botnet has been sentenced to home incarceration and community service, and ordered to pay $8.6 million in restitution, for his role in a series of distributed denial-of-service attacks.

On Friday in federal court in Trenton, New Jersey, U.S. District Judge Michael Shipp sentenced Paras Jha, 22, to serve six months of home incarceration, five years of parole as well as 2,500 hours of community service - or the equivalent of more than 300 days of full-time work.

Jha, who's a resident of Fanwood, New Jersey, had previously pleaded guilty before Judge Shipp to violating the Computer Fraud & Abuse Act by launching a series of DDoS attacks from November 2014 to September 2016 against Rutgers University in New Brunswick, New Jersey.

"Jha's attacks effectively shut down Rutgers University's central authentication server, which maintained, among other things, the gateway portal through which staff, faculty and students delivered assignments and assessments," the Department of Justice says.

Jha's attorney, Robert G. Stahl, didn't immediately respond to a request for comment on the sentencing.

Three Mirai Creators Sentenced

The sentencing of Jha follows him and two other defendants - Josiah White, 21, of Washington, Pennsylvania, and Dalton Norman, 22, of Metairie, Louisiana - pleading guilty in a federal court in Alaska on Dec. 8, 2017, to creating and operating the Mirai botnet.

Mirai was malware built to target 64 default or hard-coded credentials built into dozens of internet of things devices, including inexpensive, widely used digital video recorders, wireless cameras and routers (see Can't Stop the Mirai Malware).

"At its peak, Mirai consisted of hundreds of thousands of compromised devices," the Justice Department says. "The defendants used the botnet to conduct a number of other DDoS attacks."

Jha and Norman also pleaded guilty in December 2017 to violating the Computer Fraud & Abuse Act from December 2016 to February 2017 by infecting more than 100,000 internet devices - primarily consumer routers based in the U.S. - and using them to build a botnet, which functioned in part as a gigantic internet traffic routing proxy network.

"The victim devices were used primarily in advertising fraud, including 'clickfraud,' a type of internet-based scheme that utilizes 'clicks,' or the accessing of URLs and similar web content, for the purpose of artificially generating revenue," the Justice Department says (see: Video Ad Fraud Botnet Bags Up to $1.3 Million Daily).

On Sept. 18, 2018, all three defendants were sentenced in Alaska federal court to serve a five-year period of probation, 2,500 hours of community service and ordered to pay $127,000 in restitution. The Justice Department said all had "voluntarily abandoned significant amounts of cryptocurrency seized during the course of the investigation" as well as actively assisted the FBI.

"The defendants have provided assistance that substantially contributed to active complex cybercrime investigations as well as the broader defensive effort by law enforcement and the cybersecurity research community," the Justice Department said in a news release. Continuing to cooperate with the FBI was a condition of the sentence all three of the men received.

A spokeswoman for the Department of Justice says Jha will serve his two sentences concurrently.

Mirai's Legacy Lives On

An outfit calling itself Poodlecorp originally developed Mirai and used it to disrupt online gaming. But when the heat began to get turned up on the group, Jha in late September 2016 dumped the source code onto a cybercrime forum, giving everyone their plans for building a cheap and effective botnet out of poorly secured internet-connected devices.

After publishing the source code, the Justice Department says that the three men stopped using Mirai "in the fall of 2016."

The malware has been tied to numerous attacks, including a then record-setting DDoS attack against domain name server provider Dyn on Oct. 21, 2016, which resulted in widespread internet outages, preventing users from reaching such websites as Amazon, PayPal, Spotify and Twitter.

Brit Gets Suspended Sentence

Separately, British national Daniel Kaye, aka "BestBuy" and "Spiderman," last year pleaded guilty in German court to infecting 1.25 million Deutsche Telekom routers with his own Mirai botnet - codenamed Mirai #14 by authorities - and received a suspended sentence. Kaye said he'd been paid $10,000 to launch the early November 2016 attack against Lonestar MTN, Liberia's largest internet service provider, by an unnamed individual.

Kaye was then extradited to the U.K., where he was charged with launching DDoS attacks in January 2017 against two British banks: Lloyds Banking Group services, which suffered disruptions, as well as Barclays, which did not (see Mirai Malware Attacker Extradited From Germany to UK).

About the Author

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Operation Success!

Risk Management Framework: Learn from NIST

From heightened risks to increased regulations, senior leaders at all levels are pressured to
improve their organizations' risk management capabilities. But no one is showing them how -
until now.

Learn the fundamentals of developing a risk management program from the man who wrote the book
on the topic: Ron Ross, computer scientist for the National Institute of Standards and
Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37
- the bible of risk assessment and management - will share his unique insights on how to:

Understand the current cyber threats to all public and private sector organizations;

Develop a multi-tiered risk management approach built upon governance, processes and
information systems;

Enter your email address to reset your password

Already have anISMG account?

Forgot Your Password Message:

Contact Us

Already have anISMG account?

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.